

Privacy Shield Principles
The Privacy Shield Principles comprise a set of seven commonly recognized privacy principles combined with 16 equally binding supplemental principles, which explain and augment the first seven. Collectively, these 23 Privacy Shield Principles lay out a set of requirements governing participating organizations’ use and treatment of personal data received from the EU under the Framework as well as the access and recourse mechanisms that participants must provide to individuals in the EU. Once an organization publicly commits to comply with the Privacy Shield Principles, that commitment is enforceable under U.S. law.
Principles
Notice; Choice; Accountability for Onward Transfer; Security; Data Integrity and Purpose Limitation; Access; Recourse, Enforcement and Liability
Supplemental Principles
Sensitive Data; Secondary Liability; Performing Due Diligence and Conducting Audits; The Role of the Data Protection Authorities; Self-Certification; Verification; Access; Human Resources Data; Obligatory Contracts for Onward Transfers; Journalistic Exceptions; Dispute Resolution and Enforcement; Choice – Timing of Opt Out; Travel Information; Pharmaceutical and Medical Products; Public Record and Publicly Available Information; Access Requests by Public Authorities
Key GDPR Requirements
Understanding GDPR requirements is often considered an overwhelming task. It is important to understand these requirements and their implications for your company. Implementing GDPR within the context of your company will require a dedicated effort.
Lawful, fair and transparent processing; Limitation of purpose, data and storage; Data subject rights; Consent; Personal data breaches; Privacy by Design; Data Protection Impact Assessment; Data transfers; Data Protection Officer; Awareness and training